Using HTTPS? The URL may not be fully encrypted, hence can be tracked (stackoverflow.com) 2 points by sci_c0 6y ago ↗ HN
[–] sci_c0 6y ago ↗ When request is made over HTTPS, the server name in the URL may not be encrypted, only the path to the resource will be encrypted.i.e.if you type https://www.example.com/path/to/my/resource?show=pretty then the www.example.com may be sent in plain text only the path part will be encrypted.
[–] Piskvorrr 6y ago ↗ TL;DR: SNI sends hostname (not whole URL) in plaintext, ESNI (encrypted) is not widely supported (not in Chrome, off by default in Firefox, visited domain also needs to support it).
2 comments
[ 3.1 ms ] story [ 7.2 ms ] threadi.e.
if you type https://www.example.com/path/to/my/resource?show=pretty then the www.example.com may be sent in plain text only the path part will be encrypted.